Rand Wacker wrote:
On Wed, 27 Oct 2004, David Woodhouse wrote:
The real problem with DK is that it doesn't survive existing mailing
lists though -- it is common practice to add a few lines to the bottom
of a mail as it's sent to a list, and that practice isn't going to
change any time soon. We really need to use an algorithm which allows
the recipient to locate the original content and verify it, rather than
just breaking.
We should think non-spoofable ways around this , but in the long run, if
the mailing list changes the message it should re-sign. Hell I'm in favor
of the mailling list re-signing just because I want to be able to reliably
whitelist the mail list and not have to whitelist every single person who
might post to it.
I don't think mailing lists is a real problem, for many reasons :
- there aren't too many mail listing programs available, and I'm quite
sure ML developpers are really open to include this kind of feature into
their packages. I know one of them personnally (Sympa - Serge Aumont),
and I think I can say, he will integrate some kind of authentication as
soon there will be one available.
- mailing list messages aren't the highest priority kind of trafic.
- I don't see a real deployment problem here. There are much fewer
mailing list servers than general purpose servers. So, there are much
fewer mail list servers to upgrade than general purpose mail servers.
- And on the other hand, mail list server administrators have, most of
the time, higher skills than general purpose mail servers.
Jose-Marcio
--
---------------------------------------------------------------
Jose Marcio MARTINS DA CRUZ Tel. :(33) 01.40.51.93.41
Ecole des Mines de Paris http://j-chkmail.ensmp.fr
60, bd Saint Michel http://www.ensmp.fr/~martins
75272 - PARIS CEDEX 06
mailto:Jose-Marcio(_dot_)Martins(_at_)ensmp(_dot_)fr